dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved questions JSON to seperate file

Browse Source
This commit is contained in:
Max Geldner 2018-11-10 15:04:24 +01:00 committed by Nanne Baars
parent 41998a0143
commit baff6b06f3
3 changed files with 69 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
View File

@ -163,6 +163,7 @@
</div>
<div class="lesson-page-wrapper">
<script th:src="@{/lesson_js/quiz.js}" language="JavaScript"></script>
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
<div class="adoc-content" th:replace="doc:SqlInjection_quiz.adoc"></div>
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container-fluid">

43
webgoat-lessons/sql-injection/src/main/resources/js/questions.json Normal file
View File

@ -0,0 +1,43 @@
{
"questions": [{
"text": "What is the difference between a prepared statement and a statement?",
"solutions": {
"1": "Prepared statements are statements with hard-coded parameters.",
"2": "Prepared statements are not stored in the database.",
"3": "A statement is faster.",
"4": "A statement has got values instead of a prepared statement"
}
}, {
"text": "Which one of the following characters is a placeholder for variables?",
"solutions": {
"1": "*",
"2": "=",
"3": "?",
"4": "!"
}
}, {
"text": "How can prepared statements be faster than statements?",
"solutions": {
"1": "They are not static so they can compile better written code than statements.",
"2": "Prepared statements are compiled once by the database management system waiting for input and are pre-compiled this way.",
"3": "Prepared statements are stored and wait for input it raises performance considerably.",
"4": "Oracle optimized prepared statements. Because of the minimal use of the databases resources it is faster."
}
}, {
"text": "How can a prepared statement prevent SQL-Injection?",
"solutions": {
"1": "Prepared statements have got an inner check to distinguish between input and logical errors.",
"2": "Prepared statements use the placeholders to make rules what input is allowed to use.",
"3": "Placeholders can prevent that the users input gets attached to the SQL query resulting in a seperation of code and data.",
"4": "Prepared statements always read inputs literally and never mixes it with its SQL commands."
}
}, {
"text": "What happens if a person with malicious intent writes into a register form :Robert); DROP TABLE Students;-- that has a prepared statement?",
"solutions": {
"1": "The table Students and all of its content will be deleted.",
"2": "The input deletes all students with the name Robert.",
"3": "The database registers 'Robert' and deletes the table afterwards.",
"4": "The database registers 'Robert' ); DROP TABLE Students;--'."
}
}]
}

12
webgoat-lessons/sql-injection/src/main/resources/js/quiz.js
View File

@ -1,6 +1,12 @@
$(function () {
var json = "";
var client = new XMLHttpRequest();
client.open('GET', '/WebGoat/lesson_js/questions.json');
client.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
json += client.responseText;
console.log("entry");
let questionsJson = '{"questions": [ { "text": "What is the difference between a prepared statement and a statement?", "solutions": { "1": "Prepared statements are statements with hard-coded parameters.", "2": "Prepared statements are not stored in the database.", "3": "A statement is faster.", "4": "A statement has got values instead of a prepared statement" } }, { "text": "Which one of the following characters is a placeholder for variables?", "solutions": { "1": "\'", "2": "=", "3": "?", "4": "!" } }, { "text": "How can prepared statements be faster than statements?", "solutions": { "1": "They are not static so they can compile better written code than statements.", "2": "Prepared statements are compiled once by the database management system waiting for input and are pre-compiled this way.", "3": "Prepared statements are stored and wait for input it raises performance considerably.", "4": "Oracle optimized prepared statements. Because of the minimal use of the database\'s resources it is faster." } }, { "text": "How can a prepared statement prevent SQL-Injection?", "solutions": { "1": "Prepared statements have got an inner check to distinguish between input and logical errors.", "2": "Prepared statements use the placeholders to make rules what input is allowed to use.", "3": "Placeholders can prevent that the user\'s input gets attached to the SQL query resulting in a seperation of code and data.", "4": "Prepared statements always read inputs literally and never mixes it with its SQL commands." } }, { "text": "What happens if a person with malicious intent writes into a register form :Robert\'); DROP TABLE Students;-- that has a prepared statement?", "solutions": { "1": "The table Students and all of its content will be deleted.", "2": "The input deletes all students with the name Robert.", "3": "The database registers: \'Robert\' and deletes the table afterwards.", "4": "The database registers: \'Robert\' ); DROP TABLE Students;--\'." } } ] }';
let questionsJson = json;
var questionsObj = JSON.parse(questionsJson);
let html = "";
jQuery.each(questionsObj, function(i, obj) {
@ -8,7 +14,6 @@ $(function () {
html += "<div id='question_" + j + "' class='quiz_question attack-container' name='question'><p>" + (j+1) + ".&nbsp;" + quest.text + "</p>";
html += "<fieldset>";
jQuery.each(quest.solutions, function(k, solution) {
//question_' + j + '_solution_' + k + '" value="' + solution + '
solution = "Solution " + k + ": " + solution;
html += '<input type="checkbox" name="question_' + j +'_solution" value="' + solution + '">' + solution + '<br>';
});
@ -16,4 +21,7 @@ $(function () {
});
});
document.getElementById("q_container").innerHTML = html;
}
}
client.send();
});